RIPA set to create conflicts of interest between employers and employees

Richard Clayton richard at highwayman.com
Thu, 11 Apr 2002 18:19:57 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.nabarro.com/press_office/index.asp?sectionID=12122&docID=86265

RIPA set to create conflicts of interest between employers and employees

The Regulation of Investigatory Powers Act (RIPA) has the potential to
create conflicts of interest between employer and employee because of the
way it provides government agencies with the right to demand from
individual employees ‘private keys’ to unlock encrypted information held
in their employer’s possession. 

This is the warning contained in “The RIPA Report” published by law firm
Nabarro Nathanson. It is advising companies which handle encrypted
information, especially Internet Service Providers (ISPs), that they
should act now in order to prevent such a conflict of interest arising. 

“What happens if an investigating authority approaches the wrong
individual in the company and requires them to produce private records
relating to emails of other employees?” asks Dai Davis of Nabarro
Nathanson “And what happens if the individual wishes to take legal
advice? Technically, the individual is allowed to take external legal
advice, but cannot ask his supervisor or colleagues to approve taking
that advice. Under RIPA, where an in-house lawyer is consulted, it would
appear that the in-house lawyer would be conflicted out from giving
advice to the recipient of the notice served under RIPA,” he warns. 

Nabarro Nathanson commissioned a survey of senior managers in 100 UK plcs
and 100 UK based ISPs to see how well prepared they were to deal with
RIPA. The survey, carried out by research company, CFH found that:

*  only 14 per cent of managers in the companies polled were aware of
   RIPA, whilst 86 per cent were unaware of the Act 
*  of those aware of the Act, half were not aware that they could be
   forced by government agencies to reveal the ‘private keys’ which will
   unlock encrypted information in their possession.

Nabarro Nathanson is advising clients which handle encrypted information
to undertake a six step RIPA plan which requires them to:

*  Review and audit encrypted information held by the company and
   identify under which jurisdictions the information is kept 
*  Develop a company policy with regards to how the company would process
   requests for ‘private keys’ by government agencies invoking RIPA 
*  Ensure the company has adequate practices and “standard” procedures in
   place to deal with RIPA and include these procedures in staff manuals 
*  Review contracts of employment to see if they cope with the
   implications of RIPA and, if appropriate, amend them accordingly 
*  Make employees aware of RIPA and of the procedures adopted by the
   company to deal with any government agency requesting information
   under the terms of RIPA 
*  Put procedures in place in advance which will allow staff access to
   external legal advice.

Nabarro Nathanson will be giving breakfast briefings on this topic on
Tuesday 28th May 2002 in London and Wednesday 5th June 2002 in Reading.
Companies wishing to attend, please call 020 7524 6664. 

ISPs and companies wanting a copy of Nabarro Nathanson’s RIPA Report can
obtain one by calling 020 7524 6000 or by visiting the Publications
section of the firm's website at www.nabarro.com.

- -- 
richard                                              Richard Clayton

Are you a Friend of FIPR yet?       http://www.fipr.org/friends.html

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBPLXFvRfnRQV/feRLEQJ6IwCcDwvHyoCbzzQA2WZGGLwrKuCAvOgAnilg
EJ2DEsWYeyDvIP88Y/FnCuHZ
=9RJ9
-----END PGP SIGNATURE-----